Overview
Corelayer uses customizable PII masking to keep sensitive customer data protected without removing the technical context engineers need for root-cause analysis. PII is redacted before analysis so sensitive values are not exposed in issue summaries, notifications, or AI investigation output.Why It Matters
- Protects sensitive customer information by default
- Preserves operational visibility for faster debugging
- Supports regulated environments with stricter privacy controls
- Lets teams tune redaction based on their compliance needs
PII Categories
Corelayer supports five masking categories:| Category | Examples | Default |
|---|---|---|
secrets | API keys, tokens, credentials, private keys | Always On |
personal_info | Email addresses, phone numbers, SSNs, physical addresses | On |
financial | Credit card numbers, account-like financial strings | On |
network | IPv4 and IPv6 addresses | Off |
identifiers | UUIDs, user IDs, session IDs, coordinate-like IDs | Off |
network and identifiers are off by default to avoid over-redacting operational signals that are often required for debugging.
How Masking Works
- Data is ingested for issue detection and investigation.
- PII masking rules are applied before analysis output is generated.
- Redacted output is used in issue summaries, notifications, and investigation artifacts.
Configure PII Masking
- In Corelayer, go to Settings → Privacy.
- Toggle supported categories (
personal_info,financial,network,identifiers). - Save settings.
secretsmasking is always enabled and cannot be disabled.- Settings are scoped at the organization group level.
- If a category is not explicitly configured, Corelayer uses the system default.